[Emerging-Sigs] Sig for generic fake SSL cert used by Trojan campaign
mcholste at gmail.com
Tue Oct 19 14:56:48 EDT 2010
Ha ha yes, I believe I need to get that "muscle memory" going with the
gmail keyboard shortcuts as recommended...
On Tue, Oct 19, 2010 at 1:49 PM, Mike Lococo <mikelococo at gmail.com> wrote:
> On 10/19/2010 02:00 PM, Martin Holste wrote:
>>> Matt already agreed to enable these by default, but as an aside... it's
>>> worth noting that Internet Widgits Pty won't be offended because it
>>> isn't a real company. They're just a demo field in the OpenSSL Demo CA
>> LOL, yes, that's why I was so sure "they" wouldn't mind.
>> Seriously though, no thoughts from anyone on ssl_state performance?
> I haven't tested, but intuitively it makes sense that 'ssl_state:
> server_hello;' should be more efficient than what I wrote, which would
> have been content matching on every server-to-client packet in an
> established connection.
> Matt, do we want to replace:
> "ssl_state: server_hello;"
> in sids...
> sid:2011539 - ET POLICY OpenSSL Demo CA - Internet Widgits Pty (CN)
> sid:2011540 - ET POLICY OpenSSL Demo CA - Internet Widgits Pty (O)
> sid:2011541 - ET POLICY OpenSSL Demo CA - Cryptsoft Pty (CN)
> sid:2011542 - ET POLICY OpenSSL Demo CA - Cryptsoft Pty (O)
> Mike Lococo
> PS - Responding to the list because the use of "anyone" in Martin's
> response makes me think it went to me personally by mistake.
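The efficiency argument quoted above (matching only in the server hello state rather than on every server-to-client packet), as an added example that is not part of the thread or of the ET rule set. It is a simplified model of state gating, not Suricata's implementation of `ssl_state`; the helper names and the byte stream are constructed for illustration.

```python
import struct

# Strings taken from the sid descriptions quoted in this thread.
DEMO_CA_STRINGS = (b"Internet Widgits Pty", b"Cryptsoft Pty")
HANDSHAKE, APPLICATION_DATA, CHANGE_CIPHER_SPEC = 22, 23, 20  # TLS record types
SERVER_HELLO, CERTIFICATE = 2, 11                             # handshake msg types

def record(ctype, body):
    """Build one TLS 1.0-style record: type, version, length, body."""
    return struct.pack("!BHH", ctype, 0x0301, len(body)) + body

def handshake(msg_type, body):
    """Build one handshake message: type, 24-bit length, body."""
    return bytes([msg_type]) + len(body).to_bytes(3, "big") + body

def iter_records(stream):
    """Yield (content_type, body) for each complete record in the stream."""
    off = 0
    while off + 5 <= len(stream):
        ctype, _ver, length = struct.unpack_from("!BHH", stream, off)
        if off + 5 + length > len(stream):
            break  # truncated record: stop rather than misparse
        yield ctype, stream[off + 5:off + 5 + length]
        off += 5 + length

def scan_ungated(stream):
    """Content-match every server-to-client record (the costlier approach)."""
    hits, inspected = set(), 0
    for _ctype, body in iter_records(stream):
        inspected += len(body)
        hits.update(s for s in DEMO_CA_STRINGS if s in body)
    return hits, inspected

def scan_hello_gated(stream):
    """Content-match only the server's plaintext hello flight, then stop."""
    hits, inspected, in_hello = set(), 0, False
    for ctype, body in iter_records(stream):
        if ctype != HANDSHAKE:
            if in_hello:
                break  # hello flight is over; the rest is never inspected
            continue
        in_hello = in_hello or body[:1] == bytes([SERVER_HELLO])
        if in_hello:
            inspected += len(body)
            hits.update(s for s in DEMO_CA_STRINGS if s in body)
    return hits, inspected

# Constructed server-to-client stream (not a capture): hello flight + bulk data.
FLIGHT = record(HANDSHAKE, handshake(SERVER_HELLO, bytes(70)) +
                handshake(CERTIFICATE, b"0\x82..O=Internet Widgits Pty Ltd.."))
STREAM = FLIGHT + record(CHANGE_CIPHER_SPEC, b"\x01") + \
         b"".join(record(APPLICATION_DATA, bytes(1400)) for _ in range(20))
```

Both scans report the same demo CA string on the constructed stream, but the gated scan never touches the bulk application data records.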